aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* kernel: bump 4.4 to 4.4.93 for 17.01Kevin Darbyshire-Bryant2017-10-182-3/+3
| | | | | | | | | | | | Refresh patches. Compile-tested for ar71xx - Archer C7 v2 Runtime-tested on ar71xx - Archer C7 v2 Fixes CVE-2017-15265. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> [remove 2nd CVE as it was fixed in mac80211 in commit bff16304b0bf] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* mountd: bump to git HEAD version (fixes SIGSEV crashes)Hans Dedecker2017-10-181-4/+4
| | | | | | | 6efeb19 autofs: register SIGTERM for gracefull exit 01bb2b0 mount: fix SIGSEV crashes Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* LEDE v17.01.4: revert to branch defaultsStijn Tintel2017-10-185-11/+9
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* LEDE v17.01.4: adjust config defaultsv17.01.4Stijn Tintel2017-10-185-9/+11
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* wireguard: version bump to 0.0.20171017Jason A. Donenfeld2017-10-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a simple version bump. Changes: * noise: handshake constants can be read-only after init * noise: no need to take the RCU lock if we're not dereferencing * send: improve dead packet control flow * receive: improve control flow * socket: eliminate dead code * device: our use of queues means this check is worthless * device: no need to take lock for integer comparison * blake2s: modernize API and have faster _final * compat: support READ_ONCE * compat: just make ro_after_init read_mostly Assorted cleanups to the module, including nice things like marking our precomputations as const. * Makefile: even prettier output * Makefile: do not clean before cloc * selftest: better test index for rate limiter * netns: disable accept_dad for all interfaces Fixes in our testing and build infrastructure. Now works on the 4.14 rc series. * qemu: add build-only target * qemu: work on ubuntu toolchain * qemu: add more debugging options to main makefile * qemu: simplify shutdown * qemu: open /dev/console if we're started early * qemu: phase out bitbanging * qemu: always create directory before untarring * qemu: newer packages * qemu: put hvc directive into configuration This is the beginning of working out a cross building test suite, so we do several tricks to be less platform independent. * tools: encoding: be more paranoid * tools: retry resolution except when fatal * tools: don't insist on having a private key * tools: add pass example to wg-quick man page * tools: style * tools: newline after warning * tools: account for padding being in zero attribute Several important tools fixes, one of which suppresses a needless warning. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (cherry picked from commit f6c4a9c045797d9be12310eebc6341050fd260ce)
* hostapd: add wpa_disable_eapol_key_retries optionStijn Tintel2017-10-172-1/+6
| | | | | | | | | | | | | | | Commit b6c3931ad6554357a108127797c8d7097a93f18f introduced an AP-side workaround for key reinstallation attacks. This option can be used to mitigate KRACK on the station side, in case those stations cannot be updated. Since many devices are out there will not receive an update anytime soon (if at all), it makes sense to include this workaround. Unfortunately this can cause interoperability issues and reduced robustness of key negotiation, so disable the workaround by default, and add an option to allow the user to enable it if he deems necessary. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit c5f97c9372da3229350184fb263c97d9ea8944c5)
* hostapd: backport extra changes related to KRACKStijn Tintel2017-10-176-0/+730
| | | | | | | | | | | | While these changes are not included in the advisory, upstream encourages users to merge them. See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html Added 013-Add-hostapd-options-wpa_group_update_count-and-wpa_p.patch so that 016-Optional-AP-side-workaround-for-key-reinstallation-a.patch applies without having to rework it. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* mac80211: backport kernel fix for CVE-2017-13080Stijn Tintel2017-10-171-0/+81
| | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 2f701194c29da50bfda968a83c6609843f74a7f4)
* x86: partly revert cabf775Jo-Philipp Wich2017-10-162-1/+12
| | | | | | | | The subtarget cleanups made in cabf775 "x86: Refresh subtargets kernel config" removed some important symbol disable statements, so revert the changes to the subtarget configs for now. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mac80211: Update wireless-regdb to master-2017-03-07Ryan Mounce2017-10-161-12/+19
| | | | | | | | | | | | | | | | | The short log of changes since the 2016-06-10 release is below. Jouni Malinen (1): wireless-regdb: Remove DFS requirement for India (IN) Ryan Mounce (1): wireless-regdb: Update rules for Australia (AU) and add 60GHz rules Seth Forshee (2): wireless-regdb: Update 5 GHz rules for Canada wireless-regdb: update regulatory.bin based on preceding changes Signed-off-by: Ryan Mounce <ryan@mounce.com.au> (cherry picked from commit 8b12e62e9cd6ba2e3bb2e7f2555180df0173c7c6)
* wireguard: add wireguard to base packagesJason A. Donenfeld2017-10-162-0/+308
| | | | | | | | | | | | | | | | | | | | | | | | Move wireguard from openwrt/packages to base a package. This follows the pattern of kmod-cake and openvpn. Cake is a fast-moving experimental kernel module that many find essential and useful. The other is a VPN client. Both are inside of core. When you combine the two characteristics, you get WireGuard. Generally speaking, because of the extremely lightweight nature and "stateless" configuration of WireGuard, many view it as a core and essential utility, initiated at boot time and immediately configured by netifd, much like the use of things like GRE tunnels. WireGuard has a backwards and forwards compatible Netlink API, which means the userspace tools should work with both newer and older kernels as things change. There should be no versioning requirements, therefore, between kernel bumps and userspace package bumps. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Acked-by: Jo-Philipp Wich <jo@mein.io> Acked-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 699c6fcc314225f79156a26db418e15bbc6bf10f)
* brcmfmac: backport length check in brcmf_cfg80211_escan_handler()Felix Fietkau2017-10-161-0/+63
| | | | | | Fixes CVE-2017-0786 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: bump 4.4 to 4.4.92Stijn Tintel2017-10-166-12/+12
| | | | | | | | | | | Refresh patches. Fixes the following CVEs: - CVE-2017-1000252 - CVE-2017-12153 - CVE-2017-12154 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ramips: fix compile warning in MT7621 NAND driverFelix Fietkau2017-10-161-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ramips: fix typo in MT7621 NAND driverFelix Fietkau2017-10-161-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: merge fixes for WPA packet number reuse with replayed messages and ↵Felix Fietkau2017-10-1611-10/+929
| | | | | | | | | | | | | | | | | | | | | | | key reinstallation Fixes: - CERT case ID: VU#228519 - CVE-2017-13077 - CVE-2017-13078 - CVE-2017-13079 - CVE-2017-13080 - CVE-2017-13081 - CVE-2017-13082 - CVE-2017-13086 - CVE-2017-13087 - CVE-2017-13088 For more information see: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt Backport of bbda81ce3077dfade2a43a39f772cfec2e82a9a5 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* x86/64: add xen DomU supportBaptiste Jonglez2017-10-161-1/+58
| | | | | | | | | Xen support for x86/generic was added in 296772f9. This commit also enables it for x86/64. This was successfully tested with Xen 4.5. Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* x86: Refresh subtargets kernel configBaptiste Jonglez2017-10-163-14/+16
| | | | | | | | | | | | | | | | This was done by simply running `make kernel_menuconfig CONFIG_TARGET=subtarget` and then saving without changing any option. Having consistent kernel config is important to avoid surprises, such as the issue fixed with 6f0367c9 (where Xen support was silently disabled when building the kernel, although it was present in the initial config) As far as I understand the build system, this shouldn't have any user-visible impact, because the build system already merges the various kernel configs during build. Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* x86: Fix xen serial console by removing conflicting PATA driverBaptiste Jonglez2017-10-162-2/+0
| | | | | | | | | | | | | | | | | | | | | The Xen serial console has been broken since the xen_domu subtarget was merged in the generic x86 subtarget (commits 296772f9 and b36e24f3). The reason for the broken serial console seems to be an IRQ conflict between the serial console driver and the PATA_LEGACY driver: [ 1.330125] genirq: Flags mismatch irq 8. 00000000 (hvc_console) vs. 00000000 (platform[pata_legacy.4]) [ 1.330134] hvc_open: request_irq failed with rc -16. [ 1.330148] Warning: unable to open an initial console. Just drop the PATA_LEGACY driver from the x86/generic and x86_64 subtargets, since this driver is marked experimental and only supports very old ISA devices anyway. It is still included in the x86/legacy subtarget where it rightfully belongs. Fixes: FS#787 Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* x86/generic: use HIGHMEM64G instead of HIGHMEM4G to fix PAE and XenBaptiste Jonglez2017-10-161-1/+4
| | | | | | | | | | | | | | | | This is a backport of 641a65fd062987a456216cc4fa91ff2910528261 in master. This change re-enables PAE for the 32-bit x86 subtarget, which is interesting in its own right but also necessary for Xen support. Commit af1d1ebd ("x86: enable 4G high memory support for generic (32bit) subtarget") inadvertently disabled both PAE and Xen support. Fixes: FS#908 Cc: Daniel Golle <daniel@makrotopia.org> Cc: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* kernel: add fix for bgmac with B50212E B1 PHYRafał Miłecki2017-10-135-3/+98
| | | | | | | This PHY requires some extra programming to work reliably with all devices. Backport upstream fix for it. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mt76: sync with version 878456caf60d from masterFelix Fietkau2017-10-1331-52/+38
| | | | | | | Backport required DT changes from commit dabdd123c90c. Significantly improves stability and performance for MT76x2 and MT7603 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* bcm53xx: backport DTS changes up to the first 4.15 queued commitsRafał Miłecki2017-10-108-0/+662
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ar71xx: add rssileds to WA850RE v1 imageMathias Kresin2017-10-071-0/+1
| | | | | | | | | | | | A default rssileds config exists for the TP-Link WA850RE v1 but the rssiled package is not included by default. The compressed 17.01.3 image size increases by 3302 bytes which should be tolerable even for a 4MB flash board. Fixes: FS#1043 Signed-off-by: Mathias Kresin <dev@kresin.me>
* toolchain/gdb: update to version 8.0.1Ryan Mounce2017-10-053-5/+5
| | | | | | | | Fixes CVE-2017-9778. Signed-off-by: Ryan Mounce <ryan@mounce.com.au> [reference fixed CVE] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* cmake: fix build error with Xcode 9 on macOS 12Felix Fietkau2017-10-051-0/+15
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* gcc: fix build error with macOS + Xcode 9Felix Fietkau2017-10-051-0/+10
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: add a darwin sitefile to deal with macOS 10.12 + Xcode 9 build errorsFelix Fietkau2017-10-052-0/+7
| | | | | | | Certain functions are available in system headers, but only work on macOS 10.13 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ramips: mt7620: do not pad sysupgrade Archer imagesThibaut VARENE2017-10-041-3/+3
| | | | | | | | | | | | | | | | The current makefile unnecessarily pads sysupgrade image for Archer devices. This has three implications: 1. higher risk of OOM when uploading the binary image to the device 2. much slower upgrade due to time wasted erasing and writing padding 3. grows image beyond available flash size if metadata are appended This is already fixed in master, albeit in a completely different way (the whole target have been reworked) Fixes: FS#1025, FS#1039 Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
* LEDE v17.01.3: revert to branch defaultsStijn Tintel2017-10-035-11/+9
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* LEDE v17.01.3: adjust config defaultsv17.01.3Stijn Tintel2017-10-035-9/+11
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* uhttp: update to latest versionAdrian Panella2017-10-031-3/+3
| | | | | | | | | | | | | | 3fd58e9 2017-08-19 uhttpd: add manifest support 88c0b4b 2017-07-09 file: fix basic auth regression 99957f6 2017-07-02 file: remove unused "auth" member from struct path_info c0a569d 2017-07-02 proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS ad93be7 2017-07-02 auth: store parsed username and password fa51d7f 2017-07-02 proc: do not declare empty process variables a8bf9c0 2017-01-26 uhttpd: Add TCP_FASTOPEN support e6cfc91 2016-10-25 lua: ensure that PATH_INFO starts with a slash Signed-off-by: Adrian Panella <ianchi74@outlook.com>
* odhcpd: don't enable server mode on non-static lan portKarl Palsson2017-10-022-3/+18
| | | | | | | | | | | | Instead of blindly enabling the odhcpd v6 server and RA server on the lan port, only do that if the lan port protocol is "static" This prevents the unhelpful case of a device being a dhcpv4 client and v6 server on the same ethernet port. Signed-off-by: Karl Palsson <karlp@etactica.com> [PKG_SOURCE_DATE increase; odhcpd.defaults script cleanup] Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: backport fixes from master branch (FS#402, FS#524)Hans Dedecker2017-10-021-3/+3
| | | | | | | 336212c config: fix dhcpv4 server being started 336212c dhcpv6: assign all viable DHCPv6 addresses by default (FS#402, FS#524) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: bump to v2.78Kevin Darbyshire-Bryant2017-10-027-226/+4
| | | | | | Fixes CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495, 2017-CVE-14496 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* base-files: create /etc/config/ directoryHauke Mehrtens2017-10-011-0/+1
| | | | | | | | | | | | | | | The /bin/config_generate script and some other scripts are assuming the /etc/config directory exists in the image. This is true in case for example the package firewall, dropbear or dnsmasq are included, which are adding the files under /etc/config/. Without any of these package the system will not boot up fully because the /etc/config/ directory is missing and some init scripts just fail. Make sure all images with the base-files contain a /etc/config/ directory. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: John Crispin <john@phrozen.org>
* sunxi: clean up modules definitionsMatthias Schiffer2017-10-013-45/+5
| | | | | | | | | | | | | | | | | | Module definitions for kmod-wdt-sunxi and kmod-eeprom-sunxi are removed (wdt-sunxi was builtin anyways; nvmem-sunxi, which is the new name of eeprom-sunxi is changed to builtin). As kmod-eeprom-sunxi was specified in DEFAULT_PACKAGES, but not available on kernel 4.4, it was breaking the image builder. Support for kmod-sunxi-ir is added for kernel 4.4 (it is unclear why it was disable before, it builds fine with with kernel 4.4). Condtionals only relevant for pre-4.4 kernels are removed from modules.mk, as sunxi does't support older kernels anymore. Fixes FS#755. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* ltq-vdsl-mei: revert disable optimized firmware downloadMathias Kresin2017-09-301-2/+2
| | | | | | | | | | | | This reverts commit b428f45c062dc8ca8c2f35f491fa467dc5b85519. If the optimized firmware download is disabled, the xdsl subsystem hangs in the "idle request" state after physically disconnecting and reconnecting the xdsl modem from the line. It might fix the failing line init on boot as well. Signed-off-by: Mathias Kresin <dev@kresin.me>
* curl: fix security problemsHauke Mehrtens2017-09-303-1/+75
| | | | | | | | This fixes the following security problems: * CVE-2017-1000100 TFTP sends more than buffer size * CVE-2017-1000101 URL globbing out of bounds read Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to 2.6.0 CVE-2017-14032Kevin Darbyshire-Bryant2017-09-302-30/+30
| | | | | | | | | | | | | | | Fixed an authentication bypass issue in SSL/TLS. When the TLS authentication mode was set to 'optional', mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when it was not trusted. This could be triggered remotely on both the client and server side. (Note, with the authentication mode set by mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake was correctly aborted). Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Tested-by: Magnus Kroken <mkroken@gmail.com>
* generic: drop 704-phy-no-genphy-soft-reset.patchFlorian Fainelli2017-09-301-11/+0
| | | | | | | | | | | | 4.4.80+ contains 71a165f6397df07a06ce643de5c2dbae29bd3cfb, 4.9.41+ contains 6c78197e4a69c19e61dfe904fdc661b2aee8ec20 which are all backports of upstream commit 0878fff1f42c18e448ab5b8b4f6a3eb32365b5b6 ("net: phy: Do not perform software reset for Generic PHY"). Our local patch is no longer needed, all this patch was doing was utilizing gen10g_soft_reset which does nothing either, so just keep the code unchanged. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* kernel: update 4.4 to 4.4.89Hauke Mehrtens2017-09-3010-35/+35
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ltq-vdsl-mei: disable optimized firmware downloadMathias Kresin2017-09-281-2/+2
| | | | | | | | | With ltq-vdsl-mei 1.5.17.6 an optimized firmware download was added and enabled by default. As soon as the optimized firmware download is enabled, a watchdog based reboot is trigger between 24h to 48h of uptime if the board isn't connected to a xdsl line. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ltq-vdsl: fix PM thread suspend and resume handlingMartin Schiller2017-09-282-1/+108
| | | | | | | | This is a backport form drv_dsl_cpe_api-4.18.10 and fixes some PM thread handling issues which lead to high system load and watchdog trigger within 1h of uptime for boards not connected to a xdsl line. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* openvpn: add "extra-certs" optionSven Roederer2017-09-252-1/+2
| | | | | | | | This option is used to specify a file containing PEM certs, to complete the local certificate chain. Which is quite usefull for "split-CA" setups. Signed-off-by: Sven Roederer <devel-sven@geroedel.de> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* lantiq: fix missing otg_cap on danube platformDaniel Gonzalez Cabanelas2017-09-201-24/+54
| | | | | | | | | | USB doesn't work in some danube boards because otg_cap is missing since previous changes made on the USB-dwc2 lantiq driver. Fix it. Tested on the ARV7518PW router. Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
* tcpdump: noop commit to refer CVEs fixed in 4.9.2Stijn Tintel2017-09-181-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When bumping tcpdump from 4.9.1 to 4.9.2, I did not include the fixed CVEs in the commit message. As the list of fixed CVEs is quite long, we should probably mention them in the changelogs of the releases to come. This commit will make sure this happens. The following CVEs were fixed in 21014d9708d586becbd62da571effadb488da9fc: CVE-2017-11541 CVE-2017-11541 CVE-2017-11542 CVE-2017-11542 CVE-2017-11543 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 2375e279a7cb462d62fd6028cb3fbd56217222de)
* tcpdump: bump to 4.9.2Stijn Tintel2017-09-182-37/+41
| | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 21014d9708d586becbd62da571effadb488da9fc)
* utils/tcpdump: Rework URLsDaniel Engberg2017-09-181-2/+2
| | | | | | | | | | | | Add actual mirror and use main site as last resport Source: http://www.tcpdump.org/mirrors.html Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit fd95397ee33a34704771de2ab26a5910b1a88c6f) Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Conflicts: package/network/utils/tcpdump/Makefile
* base-files: fix wan6 interface config generation for pppoeHans Dedecker2017-09-182-6/+3
| | | | | | | | | | | | | | | | Setting ipv6 to auto in case of a pppoe interface will trigger the creation of a dynamic wan_6 interface meaning two IPv6 interfaces (wan6 and wan_6) will be active on top of the pppoe interface. This leads to unpredictable behavior in the network; therefore set ipv6 to 1 which will prevent the dynamic creation of the wan_6 interface. Further alias the wan6 interface on top of the wan interface for pppoe as the wan6 interface can only be started when the link local address is ready. In case of pppoe the link local address is negotiated during the Internet Protocol Control Protocol when the PPP link is setup meaning all the IP address info is only available when the wan interface is up. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>